CrypBoss is a family of ransomware that includes the HydraCrypt and UmbreCrypt variants. This family targets Windows OS and is distributed via the Angler Exploit Kit. They all delete Shadow Volume Copies to prevent file restoration and use AES encryption to lock victims’ files. Differences include appended file extensions (.hydracrypt_ID_[8 random characters] and .umbrecrypt_ID_[victim_id]) and the way in which the ransom notes are written. HydraCrypt threatens to release victims’ private data on the Dark Web.